scout: update licensing policy name and description

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
David Karlsson 2023-09-26 16:24:35 +02:00
parent 2d050d2fc9
commit 392ce76849
3 changed files with 10 additions and 6 deletions

View File

@ -1,3 +1,4 @@
AGPLv3
APIs?
ARM
AWS
@ -25,6 +26,7 @@ Fargate
Fedora
Flink
GPG
GPLv3
GRUB
GeoNetwork
Git

View File

@ -60,7 +60,7 @@ Docker Scout ships the following three out-of-the-box policies:
- [Critical and high vulnerabilities with fixes](#critical-and-high-vulnerabilities-with-fixes)
- [Critical vulnerabilities](#critical-vulnerabilities)
- [Packages with GPL3+ licenses](#packages-with-gpl3-licenses)
- [Packages with AGPLv3, GPLv3 licenses](#packages-with-agplv3-gplv3-licenses)
These policies are turned on by default for Scout-enabled repositories. There's
currently no way to turn off or configure these policies.
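Review bot: the new list entry links to `#packages-with-agplv3-gplv3-licenses`, which must match the slug the site generator derives from the heading "Packages with AGPLv3, GPLv3 licenses" (comma dropped, spaces to hyphens); confirm that the docs build produces exactly that anchor, since a mismatch silently yields a dead in-page link. The old anchor `#packages-with-gpl3-licenses` also disappears here, so any external pages or release notes pointing at it will break unless an alias or redirect is added.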
@ -90,10 +90,12 @@ more critical vulnerabilities.
This policy flags all critical vulnerabilities, whether or not there's a fix
version available.
### Packages with GPL3+ licenses
### Packages with AGPLv3, GPLv3 licenses
This policy requires that your artifacts don't contain packages distributed
under a GPL3+ [copyleft](https://en.wikipedia.org/wiki/Copyleft) license.
under an AGPLv3 or GPLv3 license. These licenses are protective
[copyleft](https://en.wikipedia.org/wiki/Copyleft), and may be unsuitable for
use in your software because of the restrictions they enforce.
This policy is unfulfilled if your artifacts contain one or more packages with
a violating license.
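Review bot: the renamed policy narrows the described scope from "GPL3+" to "AGPLv3 or GPLv3", and the description should say whether packages declared as "GPL-3.0-or-later" (the "+" case the old name covered) are still flagged; as written, a reader cannot tell if the policy behaviour changed or only its name. Two smaller points: the heading uses "AGPLv3, GPLv3" while the body says "AGPLv3 or GPLv3", so pick one form (ideally the name shown in the product UI); and "protective copyleft" is non-standard wording, with "strong copyleft" being the usual term, or simply "copyleft licenses that impose restrictions on derived works".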

View File

@ -72,9 +72,9 @@ version that removes the vulnerability, when a fix version is available. To fix
the issue, upgrade the package version to the fix version.
For licensing-related policies, the list shows all packages whose license
doesn't meet the policy criteria. To fix the issue, look for an alternative
package distributed under a more appropriate license, or cut the dependency by
reimplementing the functionality in your own code.
doesn't meet the policy criteria. To fix the issue, find a way to remove the
dependency to the violating package, for example by looking for an alternative
package distributed under a more appropriate license.
## CLI
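Review bot: in the added lines, "remove the dependency to the violating package" should read "remove the dependency on the violating package". The rewrite also drops the concrete second remediation from the removed lines ("cut the dependency by reimplementing the functionality in your own code") in favour of the vaguer "find a way to remove the dependency", so consider keeping both options: "for example by switching to an alternative package distributed under a more appropriate license, or by reimplementing the functionality in your own code".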